FIX: You may be redirected to the password change page when your password has not expired or is not near expiration when you use Forms Based Authentication in Forefront Threat Management Gateway 2010

SYMPTOMS

When you use Forms Based Authentication (FBA) in a Microsoft Forefront Threat Management Gateway (TMG) 2010 environment, you may be redirected to the password change page even when your password has not expired or is not near expiration. This behavior may occur when the password expiry policy is controlled by a Fine-Grained Password Policy (FGPP) or by Password Settings Objects (PSOs).

CAUSE

This problem occurs because TMG does not check the PSOs object class for the user and relies on the Domain Security policy. This may cause TMG to incorrectly calculate the password expiration time.

RESOLUTION

To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article: